BugTraq
Cisco 6509 switch telnet vulnerability Oct 03 2003 12:03AM Chris Norton (kicktd hotmail com) (2 replies)
Re: Cisco 6509 switch telnet vulnerability Oct 04 2003 05:55AM Bob Niederman (btrq bob-n com) (1 replies)
and secureID, and those are the only ones we have around. Has
anyone been able to replicate this?
--- Bob Niederman <btrq (at) bob-n (dot) com [email concealed]> wrote:
>
>
>
> While this is clearly a bug, the example given does not show that it's
> serious. The example (and the statement "...as long as they are followed
> by a space and a ?") shows that you have gotten the syntax for the next
> parameter of the command, not that you have executed it.
>
>
> ---
> My mail server bit-buckets mail to this address which is not
> from securityfocus.com servers. To email me, send to
> bob AT bob-n DOT com
>
> On 3 Oct 2003, Chris Norton wrote:
>
> >
> >
> > A vulnerability has been found on Cisco 6509 switches. The
> > vulnerability was found to work on 2 different Cisco 6509 switches
> > running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to
> > information and commands being executed on the remote switch from the
> > login prompt. Commands can be executed at the Enter password: prompt
> > as long as they are followed by a space and a ? Proof of concept
> > below:
> >
> > Cisco Systems Console
> >
> > Enter password:
> > <data_size> Size of the packet (0..1420)
> > <cr>
> > Enter password: traceroute 127.0.0.1
> >
> > This vulnerability has yet to be confirmed by Cisco but they have
> > been alerted about it.
> >
>